[FIX] notebookapp, auth: `get_secure_cookie` kwargs #3778
Per Tornado's documentation:
With the current implementation in
This makes impossible to set the cookie expiration without
This revision is about adding the possibility to pass options
In my opinion,
Per Tornado's documentation: >By default, Tornado’s secure cookies expire after 30 days. >To change this, use the expires_days keyword argument to >set_secure_cookie and the max_age_days argument to get_secure_cookie. >These two values are passed separately so that you may >e.g. have a cookie that is valid for 30 days for most purposes, >but for certain sensitive actions >(such as changing billing information) >you use a smaller max_age_days when reading the cookie. With the current implementation in `auth/login.py`, this is possible to pass the `expires_days` option but not possible to enforce it as this is not possible to pass `max_age_days` to `get_secure_cookie` This makes impossible to set the cookie expiration without using a custom `LoginHandler`. This revision is about adding the possibility to pass options to Tornado's `get_secure_cookie` method, so it can be possible to set the cookies expiration, among others.
Thank you for your review :)
I updated the PR.
I chose the
That said, for my own purposes, I am indeed only interested to the